2017-03-07 100 views

我正在使用 Visual Studio 2015,刚开始接触 IdentityServer3。据我查到的资料,这个版本需要 Katana 和 Owin 1.0。然而,一些微软库和 NuGet 包引入了破坏性变更。IdentityServer3 能搭配使用的 NuGet 包/微软库的最高版本是多少?

我目前还不打算迁移到 .NET Core 或 IdentityServer4。但是,按照 Scott Brady 的教程操作后,我仍无法在我的 MVC 应用程序中使用 IdentityServer3:TokenValidationParameters 有一个破坏性变更。

我该如何继续?我的一个软件包是否需要降级?

<?xml version="1.0" encoding="utf-8"?> 
<packages> 
    <!-- NOTE(review): this list mixes the Katana 3.0.1 packages (Microsoft.Owin.*) with the 5.1.3
         IdentityModel packages. The answer on this page resolves the TokenValidationParameters break
         by removing Microsoft.IdentityModel.Tokens and moving System.IdentityModel.Tokens.Jwt to 4.x. -->
    <!-- NOTE(review): every version below is pinned as of the 2017 post; check current security
         advisories for each package before reusing this list. -->
    <package id="Antlr" version="3.5.0.2" targetFramework="net452" /> 
    <package id="bootstrap" version="3.3.7" targetFramework="net452" /> 
    <package id="jQuery" version="3.1.1" targetFramework="net452" /> 
    <package id="jQuery.Validation" version="1.16.0" targetFramework="net452" /> 
    <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net452" /> 
    <package id="Microsoft.AspNet.Razor" version="3.2.3" targetFramework="net452" /> 
    <package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net452" /> 
    <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net452" /> 
    <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.3" targetFramework="net452" /> 
    <!-- Presumably pulled in as a dependency of Microsoft.IdentityModel.Tokens; verify before removing. -->
    <package id="Microsoft.IdentityModel.Logging" version="1.1.3" targetFramework="net452" /> 
    <!-- 5.x token library: the answer on this page says to remove this reference. -->
    <package id="Microsoft.IdentityModel.Tokens" version="5.1.3" targetFramework="net452" /> 
    <package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.3" targetFramework="net452" /> 
    <package id="Microsoft.Net.Compilers" version="1.3.2" targetFramework="net452" developmentDependency="true" /> 
    <package id="Microsoft.Owin" version="3.0.1" targetFramework="net452" /> 
    <package id="Microsoft.Owin.Host.SystemWeb" version="3.0.1" targetFramework="net452" /> 
    <package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net452" /> 
    <package id="Microsoft.Owin.Security.Cookies" version="3.0.1" targetFramework="net452" /> 
    <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net452" /> 
    <package id="Modernizr" version="2.8.3" targetFramework="net452" /> 
    <package id="Newtonsoft.Json" version="9.0.1" targetFramework="net452" /> 
    <package id="Owin" version="1.0" targetFramework="net452" /> 
    <package id="Respond" version="1.4.2" targetFramework="net452" /> 
    <!-- 5.x JWT handler: the answer on this page says to downgrade this package to 4.x. -->
    <package id="System.IdentityModel.Tokens.Jwt" version="5.1.3" targetFramework="net452" /> 
    <package id="WebGrease" version="1.6.0" targetFramework="net452" /> 
</packages> 

受影响的代码:

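/// <summary>
/// Validates an identity token (JWT) against the state and nonce stored in the temporary
/// sign-in cookie and returns the claims of the validated token.
/// </summary>
/// <param name="token">The serialized JWT identity token to validate.</param>
/// <param name="state">The state value received with the token; it must equal the "state" claim in the temporary cookie.</param>
/// <returns>The claims carried by the validated token.</returns>
/// <exception cref="InvalidOperationException">
/// The temporary cookie is absent, or the state or nonce value is missing or does not match.
/// </exception>
private async Task<IEnumerable<Claim>> ValidateIdentityTokenAsync(string token, string state)
{
    // Base64-encoded certificate whose key is used to verify the token signature.
    // NOTE(review): a certificate embedded in source has to be redeployed whenever the
    // signing certificate is rotated; confirm that is acceptable for this application.
    const string certString = "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";

    var cert = new X509Certificate2(Convert.FromBase64String(certString));

    var authentication = this.Request.GetOwinContext().Authentication;
    var result = await authentication.AuthenticateAsync("TempCookie");

    if (result == null)
    {
        throw new InvalidOperationException("No temp cookie");
    }

    // A cookie without a "state" claim must fail the check explicitly rather than
    // surface as a NullReferenceException.
    var expectedState = result.Identity?.FindFirst("state")?.Value;
    if (expectedState == null || !string.Equals(state, expectedState, StringComparison.Ordinal))
    {
        throw new InvalidOperationException("invalid state");
    }

    var parameters = new TokenValidationParameters
    {
        ValidAudience = "implicitclient",
        ValidIssuer = IdServBaseUri,
        // The 5.x token library takes a single SecurityKey here. The original assigned an
        // X509SecurityToken to IssuerSigningKeys, which is not a key collection.
        // On the 4.x package line (the route taken by the answer on this page) the
        // equivalent is IssuerSigningToken = new X509SecurityToken(cert).
        IssuerSigningKey = new Microsoft.IdentityModel.Tokens.X509SecurityKey(cert)
    };

    var handler = new JwtSecurityTokenHandler();
    Microsoft.IdentityModel.Tokens.SecurityToken jwt;

    // ValidateToken throws when the token fails validation against the parameters above.
    var id = handler.ValidateToken(token, parameters, out jwt);

    // The nonce ties this token to the sign-in request recorded in the temporary cookie;
    // a nonce missing on either side is treated as a mismatch.
    var expectedNonce = result.Identity.FindFirst("nonce")?.Value;
    var tokenNonce = id.FindFirst("nonce")?.Value;
    if (expectedNonce == null
        || tokenNonce == null
        || !string.Equals(tokenNonce, expectedNonce, StringComparison.Ordinal))
    {
        throw new InvalidOperationException("Invalid nonce");
    }

    // NOTE(review): the temporary cookie is cleared only on this success path; decide
    // whether a failed validation should also clear it.
    authentication.SignOut("TempCookie");

    return id.Claims;
}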

回答


这花了一些时间去查找和尝试。要点如下。

  1. 请确保项目中没有引用 Microsoft.IdentityModel.Tokens(如果有,请将其移除)。
  2. 确保将 System.IdentityModel.Tokens.Jwt 降级到 v4.x(这样就不再依赖第 1 项中的包)。
  3. 添加对 System.IdentityModel 的引用(SecurityToken 和 JwtSecurityTokenHandler.ValidateToken 需要它)。